Privacy, honestly

The short version: we collect as little as we can, we don’t sell anything, and you can get rid of what we have whenever you want.

Last updated: · see what changed

What we collect, and when

Always, to keep the site working and improving:

  • Anonymous pageview and page-leave events, via PostHog Cloud EU. That includes the URL you visited, the URL you came from, your approximate country (derived from your IP address, which PostHog then discards), and your browser, OS, and viewport size. No name, no email, no user ID.
  • Anonymous interaction events on the Free Tools pages: which currency you pick on the loan-comparison calculator, whether you toggle between solving for term vs monthly payment, whether you open the “More options” panel, whether you copy the shareable link, and whether you reset the form. The financial values you type are never sent: not the loan amount, not the interest rate, not the fees, not the vendor name. The whole point of the calculator is that the math runs in your browser.
  • Campaign parameters (utm_source, utm_medium, etc.) if you arrived from a link we or someone else tagged.

Only if you click “Sure, that’s fine” on the cookie banner:

  • Click heatmaps and autocaptured events: basically, which elements on a page get clicked. We use this to spot broken links and layouts that confuse people.

If you subscribe to the blog newsletter:

  • Your email address.
  • The page you subscribed from (so we know whether the blog index or a specific post got you there).
  • Timestamps for when you subscribed, confirmed, and (if you do) unsubscribed.
  • Your subscription status: pending, confirmed, or unsubscribed.
  • Newsletter emails come from updates@nidhi.today. Add it to your contacts so new-post notifications reach your inbox.

If you join the product-launch waitlist:

  • Your email address.
  • The page you signed up from.
  • Timestamp for when you signed up.
  • No confirmation step, no status tracking. Single opt-in.
  • The launch email will come from updates@nidhi.today. Add it to your contacts so it doesn’t land in spam.

Stored only in your browser, never sent to us:

  • Your cookie-consent choice (nidhi-cookie-consent).
  • Your light/dark/system theme preference (nidhi-theme-mode).
  • Which blog posts you’ve read (nidhi-reading-progress), so we can show a subtle “read” indicator next time.
  • Whether you’ve confirmed your newsletter subscription (nidhi-newsletter-subscription), so we stop showing you the subscribe form on every page once you’ve completed the double-opt-in loop. Set only when you click the confirmation link in your email; never contains your email address.
  • Whether you’ve dismissed the newsletter subscribe prompt (nidhi-newsletter-dismissed), so we honor your choice to not see it again for a while. Contains only a dismissal type and timestamp, no email address or personal data.
  • Whether you’ve signed up for the product-launch waitlist (nidhi-waitlist-signedup), so we stop showing you the waitlist form on future visits. Contains only a status flag and timestamp, never your email address.

Clearing your browser’s site data wipes all of the above instantly.

Why we collect it

  • Analytics: to figure out which posts actually help people and which ones lose them halfway through. We can’t fix what we can’t see.
  • Newsletter: to email you when a new blog post is published, plus one reminder if you start subscribing but do not confirm within 3 days (sent between 9 AM and 12 PM Prague time). No other emails. No promos, no “we miss you” sequences, no cross-promoting other products.
  • Waitlist: to send you exactly one email when the nidhi product launches. Nothing else. Not a newsletter, not a drip sequence, not cross-promotion.
  • Local preferences: to make the site feel consistent for you without a server round-trip. All of that stays on your device.

Where it lives

  • PostHog Cloud EU (Frankfurt, Germany): our analytics processor. Session recording is disabled. We use their standard product, with no custom person properties that would identify you, unless you subscribe, in which case your subscription status becomes a property on the anonymous person record for funnel analysis.
  • Google Workspace (Google Cloud EU regions): our email addresses (hello@nidhi.today for general contact and support, updates@nidhi.today for automated product emails like beta invites and newsletter sends) and the Google Sheet that stores newsletter subscribers and waitlist signups (in separate tabs). Only we can read it.
  • GitHub Pages (a GitHub / Microsoft service): hosts the static files of this website. GitHub keeps short-lived server access logs for abuse prevention. We don’t read them and don’t get copies.
  • Your browser: for the local preferences listed above.

That’s the whole list. There’s no fourth processor in a footnote somewhere.

What we don’t do

  • We don’t run ads. No ad tech on this site at all.
  • We don’t sell, rent, license, or syndicate your data to anyone.
  • We don’t cross-site track you. No Facebook pixel, no Google Ads tag, no LinkedIn Insight, no TikTok pixel, no retargeting of any kind.
  • We don’t record your screen, scrolls, or keystrokes.
  • We don’t read replies to newsletter emails and feed them back into any analytics or ads system.
  • We don’t import the newsletter or waitlist lists into any other tool or mailing system.

How long we keep it

  • Analytics events: 12 months (PostHog’s default retention; we haven’t extended it), then auto-deleted.
  • Newsletter subscribers: while you’re subscribed, plus up to 30 days after you unsubscribe so we can make sure you don’t get one more email by accident. After that, the row is deleted.
  • Waitlist signups: until we send the launch email and you’ve had time to act on it, or until you ask us to remove you. Email us anytime.
  • Bounced or invalid emails: removed as soon as we notice them, usually within a week.
  • Your localStorage: until you clear your browser data. Again, we never see it.

Your rights

Under the GDPR (and similar regulations), you have the right to ask us what we hold about you, correct it, export it, restrict how we use it, object to it, or delete it.

  • For the newsletter, unsubscribing is a one-click link in every email we send, and that also schedules the deletion described above. For the waitlist, email us and we’ll remove you. We’ll do it manually for either.
  • For analytics, the events are anonymous; we don’t have a way to look up “your” events because we don’t know who you are. If this bothers you, just decline the cookie banner, or use a content blocker. Nothing on the site breaks.
  • For anything else, email hello@nidhi.today with the word privacy in the subject. We reply within a few days.

Children

This site is written for adults trying to figure out their own money. We don’t knowingly collect anything from children under 16. If you think we have, email us and we’ll delete it.

Changelog

Changes to this notice

We update this page in place. Every change gets an entry in the log below, newest first, no matter how small. Changes that affect how we handle personal data (a new processor, a new category of data, a retention change) are flagged material.

We don’t push “we updated our privacy policy” emails. If you want to keep an eye on it, bookmark this page or read the log below when you’re curious. If a change ever makes you uncomfortable, unsubscribing from the newsletter is a one-click link in every email, and clearing your browser’s site data wipes everything stored locally.

  1. Added updates@nidhi.today as the sending address for automated emails (newsletter, beta invites).

    • hello@nidhi.today remains the address for general contact, support, and privacy requests. Replies to updates@ go to the same inbox.
    • Same Google Workspace account, same processor, same data. No change to how your information is handled, just clarifying which address you will see in your inbox.
  2. material

    Added product-launch waitlist signup on the landing page.

    • New waitlist form on the homepage for people who want one email when nidhi launches. Single opt-in (no confirmation email). Separate from the blog newsletter: different Apps Script backend, different sheet tab, different purpose.
    • New localStorage key nidhi-waitlist-signedup. Stored only in your browser. Set when you submit the waitlist form, so we hide the form on future visits. Contains only a status flag and timestamp, never your email address. Cleared when you clear your browser site data.
    • Waitlist subscribers stored in a dedicated "beta waitlist" tab in the same Google Sheet as the newsletter. Collects: email, source page, signup timestamp. No confirmation tokens, no unsubscribe tokens (single opt-in).
  3. material

    Added a single pending-subscriber reminder for the blog newsletter.

    • If you submit the newsletter form but do not click the confirmation link within 3 days, we send exactly one reminder email asking you to finish subscribing. Sent between 9 AM and 12 PM Prague time (CET/CEST). After that, no further reminders.
    • No new data collected. No change to processors, storage, or retention. The pending status was already tracked; this only adds a time-bound, single-use email triggered by that status.
  4. material

    Dismissible subscribe prompt; subscription key now set only on confirmation.

    • New localStorage key nidhi-newsletter-dismissed. Stored only in your browser, never sent to us or any third party. Records your choice when you click "I already subscribed" (permanent) or "Not now" (30-day cooldown) below the subscribe form, so we honor that choice across pages.
    • Changed nidhi-newsletter-subscription to be set only when you click the confirmation link in your email (double-opt-in complete). Previously it was also set on form submit, which hid the prompt before you'd actually confirmed. Does not store your email address.
    • Both keys cleared on Undo (for dismiss) or unsubscribe (for subscription), or when you clear your browser site data. No category of personal data on our servers changed.
  5. material

    Renamed the currency tool, refreshed its event list, and added a few error-and-engagement signals on both free tools.

    • The free tool at /free/currency-risk is now /free/multi-currency-net-worth (the old URL redirects). The tool itself is unchanged in what it computes; the new name better reflects that the headline output is your net worth converted into one currency, with the concentration / risk view as a secondary panel.
    • New anonymous events on /free/multi-currency-net-worth: free_multi_currency_net_worth_rates_error (fired when the exchange-rate fetch from Frankfurter fails outright; carries the functional currency you had selected and a short, generic reason string from the failed fetch, never your asset data), and free_multi_currency_net_worth_csv_parse_errors (fired when a CSV upload contains invalid rows; carries the count of valid and invalid rows and a coarse reason bucket like "invalid_value" or "unsupported_currency"). Neither event ships any of the values you typed.
    • The free_multi_currency_net_worth_shared_view_opened event now also includes the utm_source URL parameter. This lets us tell apart someone arriving via a copied share link (utm_source=share) from any other inbound campaign. The utm_source value is the campaign source you yourself sent in the URL; we never invent it.
    • New anonymous events on /free/loan-comparison: free_loan_comparison_validation_error (debounced, fires 600ms after a burst of input edits if any vendor card has a validation error; carries the count of errored cards, a coarse error reason like "missing_principal", and the slot label of the first errored vendor, never the actual values), free_loan_comparison_horizon_changed (debounced; carries the chosen horizon in months), and free_loan_comparison_refi_changed (debounced; carries which refinance field was last edited: vendor index, refinance month, new rate, new term, new fees, or "roll fee" toggle). None of these events carry the underlying loan numbers.
    • Most React-rendered buttons in both tools now have a stable data-attr label (for example data-attr="lc-share-copy", data-attr="mcnw-asset-add"). For users who consent to interaction analytics, this gives the autocaptured click events a stable selector instead of a fragile auto-generated one. For users who do not consent, this changes nothing: autocapture is gated on consent.
  6. material

    Added the Currency Risk Analyzer tool and disclosed a new third-party API call from your browser.

    • New free tool at /free/multi-currency-net-worth (formerly /free/currency-risk): add assets and liabilities across currencies, see your net worth in your chosen currency, and check your currency concentration. No data is sent to us, everything runs in your browser.
    • New anonymous interaction events on /free/multi-currency-net-worth: which functional currency you select, when you add or remove an asset, when you upload a CSV file, when you copy a shareable link (and which sharing mode: "full" or "redacted"), and when you reset the form. The financial values you type (asset names, amounts, currencies) are never sent; only interaction metadata is captured.
    • The tool makes one network request from your browser to api.frankfurter.dev (a free, open ECB exchange-rate API). The request includes only the functional currency code you selected (e.g. ?from=EUR). No personal data is sent. This is a direct browser-to-API call; we never see the request or the response.
    • The header navigation now includes a dropdown listing all free tools.
  7. May 2026 3 changes
    1. material

      Disclosed a small set of anonymous interaction events on the Free Tools pages.

      • New anonymous events on /free/loan-comparison: which currency you select, whether you toggle solve-for-term vs solve-for-payment, whether you switch a vendor between fixed and hybrid (ARM) rate kinds, whether you change the analysis tab (side-by-side, horizon, refinance, etc.), whether you change the vendor selected for the per-vendor split chart, whether you open the per-vendor "Show details" expander, whether you copy the shareable link, and whether you click Reset to defaults.
      • These events do not include any of the financial values you type (loan amount, interest rate, fees, monthly payment, vendor name). The point of the calculator is that the math runs in your browser; we are not exfiltrating the inputs.
      • These events fire whether or not you accept the cookie banner; they are categorised the same way as pageview and page-leave: anonymous, no name, no email, no user ID.
    2. material

      Added a local-only key that remembers whether you’ve subscribed.

      • New localStorage key nidhi-newsletter-subscription. Stored only in your browser, never sent to us or any third party.
      • Purpose: once you’ve submitted the newsletter form (or confirmed via email), we hide the subscribe prompt on the rest of the site so you don’t get pitched on every blog post.
      • Cleared automatically when you unsubscribe via the one-click link, when you use the “try a different email” link on the success card, or when you clear your browser site data. No category of personal data on our servers changed.
    3. material

      Initial publication.

      • First version of this notice.
      • Describes PostHog Cloud EU (analytics), Google Workspace EU (newsletter storage + sending), GitHub Pages (static hosting), and browser localStorage (local preferences) as the only processors.
      • Newsletter uses double opt-in with a one-click unsubscribe in every email.

Who we are

nidhi is a small independent project. No investors, no growth team, no ad budget. Currently built and run by one person in Prague.